The KoolAid is being quaffed in great quantities this week in Dublin. And, having run national and international conferences in the Data Protection and Data Quality fields, I have to respect the achievement of the organisers of the Dublin Web Summit for putting together an impressive event that showcases the level of innovation and thought leadership, and capability in web, data, and all things tech.
Yes. About that â€œthought leadershipâ€â€¦
Todayâ€™s Irish Times Business Section carries a story by Karlin Lillington about things that have been happening with her personal data at the Web Summit. An event she is not attending and has not registered for but for which she:
- is registered as an attended
- is listed on the media attendees list
- has had her contact details distributed to sponsors and companies attending the event
- has had her details shared with a social networking application that has pulled data from her Facebook profile
In addition, she highlights that a list of ALL attendees is being distributed by the organisers if you request it through their Facebook page, but there is no opt-out for being included on this list and nothing in your registration that informs you that this will be happening.
Emails are being sent out without people having opted-in, and not every email that is being sent out has the required opt-out. And I suspect that that may be the tip of the iceberg.
Karlin reports that there have been complaints filed with the ODPC. My twitter stream this morning confirms that there are a number of people who I follow who have complained about how their data has been used. Many of these people would be the kind of people who youâ€™d like to see fronting the thought leadership and innovation in web and data stuff, and they are irked at how their data is being abused.
The DPC apparently has had previous complaints about Web Summit and has engaged with them in an â€œAdvisory Capacityâ€. In my experience working with clients who have been subject to Data Protection complaints and have been investigated by the DPC, that is the Data Protection equivalent of â€œhelping the police with their enquiriesâ€. Web Summit has been handed rope. They have been guided and advised as to what needs to be done to be compliant (in keeping with the gummy tiger provisions of Section 10 of the Data Protection Acts which require the DPC to seek amicable resolution first and to focus on encouraging compliance rather than punish breaches).
Dublin Web Summit has chosen, whether through a deliberate decision or a series of ego-driven and ignorance fuelled errors of judgement to ignore the advice of the DPC and continues to act in a manner that flouts the Data Protection rules that (and hereâ€™s the kicker) are not â€˜nice to haveâ€™ but are guaranteed under Article 16 of the TFEU and have been subject to a number of recent tests at Circuit Court and High Court.
Basically this is a Data Protection cluster f*ck of the highest order that illustrates one of the key problems with the â€œInnovation cultureâ€ in Ireland and, on the part of Government, either a blatant hypocrisy or a sociopathic ability to hold multiple contradictory positions at once. We want to promote Ireland as a great place to do business with web and data. And we want to be seen to be a bastion of increasingly responsible governance and regulation (after all, weâ€™ve learned the lessons of the financial services collapse right? That one where we had a Regulatory regime that was of so light a touch it could earn extra pin money touting for trade along the canal.) But for feckâ€™s sake, donâ€™t let the LAW get in the way of the use of TECHNOLOGY.
Dublin Web Summit has almost certainly breached the Data Protection Acts in a variety of ways. Given that many of those breaches would appear to have been taken AFTER the DPC had given advice and guidance on what not to do. So the Web Summit organisers might want to check section 29 of the Data Protection Acts (never used, but thereâ€™s always a first time).
Data Protection and Data Quality go hand in hand. Heck, the principles for Data Protection are referred to in Directive 95/46/EC (and a variety of other places) as â€œPrinciples for Data Qualityâ€. But on a more practical level, the approach the Web Summit has taken to obtaining and gathering their data and putting it to use has created some Data Quality problems.
Take Karlin for example.Her contact details have been included on a media contact list for the event, touting her as someone from the media who is attending. A variety of sponsors and exhibitors at the event have apparently contacted her looking to meet at the conference. Iâ€™m guessing theyâ€™re a bit surprised when a leading tech journalist tells them she isnâ€™t attending the event and wonâ€™t be able to meet with them.
Also, eyeballing the â€œmedia listâ€ Iâ€™ve found:
- Duplicate entries (suggesting the list was created from multiple sources)
- Organisations listed that might not be media organisations but are possibly service providers interfacing with media (new media/old media)â€¦ so VENDORS.
The categorisation of organisations is hair splitting on my part, but the duplicate entries on a list that was being circulated to sponsors and exhibitors is indicative of a lazy and careless approach to managing data.
How many of the people on the list are actually attending? And if you are counting the number of people attending from an organisation, are you allowing for duplicate and triplicate entries? If you are a marketing manager from a company who is ringing all these media people only to be told that they are either not attending or that they are not actually covering the tech aspects of the event but are (heaven forfend) actually exhibiting at the event yourself, how much will you trust this list next year? Will you be happy to pay for it?
Never mind the quality, look at the tech!!
And this is where we come to the brand aspect of all of this. The Web Summit has made basic mistakes in Data Protection compliance even when presented with advice and guidance from the DPC. With regard to their Presdo social networking application, there are examples of it being used in data protection compliant ways (Karlin cites the le Web conference which used the same application but presented people with a code they could use to confirm their consent to their personal data being accessed and shared).
But Dublin knows better. Dublin is the go-getter innovator. Rules schmules, Indians Schmindians.
Which is a mantra that has disturbing echoes in the recent history of the European Economy. So it is a mantra we should, as thought leaders and innovators, be trying to distance ourselves from as much as possible. By showing how we can design privacy into everything we do in web and data and pushing the innovate envelope in ensuring balance.
But hereâ€™s my fear. EI and the Government donâ€™t get this. I am not aware of ANY EI incubator programme [Brian Honan informs me that Blanchardstown and Dundalk IT have had him in to talk to programmes] that provides training or briefings on Data Protection (Wayra does. I recently provided some content to help).
My company has submitted proposals to various government backed training programmes for On-Line business, and I have got letters back telling me that Data Protection is not relevant.
Everyone seems happy to touch the hem of the prophets of the Web and drink hungrily from the Kool Aid, repeating the mantra â€œRules Schmules, Indians Schmindiansâ€. But it is worth remembering the origins of the phrase â€œDrinking the Kool Aidâ€ (hint: it didnâ€™t work out well for the first group to do it).
The Data Protection world globally is in a state of rapid evolution. Those who ignore the help and advice of Regulators invite penalties and brand damage. It is time that the thought leaders of our web economy stepped back and actually thought about how they develop their brand and build trust based in the personal data economy.
Koolaid from the Floor [an update]
I made the mistake of watching twitter streams from the Dublin Web Summit. The KoolAid was gushing. Lots of great ideas and interesting innovation but not a single person seemed to be addressing the gorilla in the room that is Data Protection and Privacy.
Yes, Social Engagement is important. Yes it is important to build trust and engagement with your brand. But as W.Edwards Deming famously said:
You canâ€™t inspect quality into a product, itâ€™s there from the beginning.
In other words, if you donâ€™t start off by respecting your customers and their privacy rights, you will leave a bad taste in your customerâ€™s mouths and sour your brand.
Thatâ€™s the weedkiller in your web branding koolaid. Drink with care.